Congress passed into law the Health Insurance Portability and Accountability Act of 1996 (HIPAA) with the goals of providing consumers with greater access to health care insurance, protecting the privacy of health care data, and promoting more standardization and efficiency in the health care industry. CareFirst has been working to ensure compliance with the HIPAA legislation since its inception.

HIPAA Overview

HIPAA regulations address the following key issues:

Portability - Since 1996, HIPAA has protected health insurance coverage for workers and their families when they change or lose their jobs. If you need more information or need proof of coverage under a CareFirst health plan, call Member Services, using the phone number on the back of your old ID card.

Privacy Standards - HIPAA created new rights for individuals that provide more control over the use and disclosure of, and access to their own confidential information. The compliance deadline for all covered entities was April 14, 2003.

Security Standards - All covered entities must take steps to assure the confidentiality, integrity, and availability of protected health information (PHI). Security requirements for Privacy were completed by the April compliance deadline. All covered entities must implement policies and procedures, both administrative and technical, to keep PHI secure and confidential, when it is PHI that is electronically transmitted, stored or manipulated by April 2005.

Unique Identifiers - Another goal of HIPAA is to assign one identifying number to each provider, employer, health plan and individual. The National Employer ID will be used in transactions beginning in October 2003. Both the National Provider and Health Plan Identifier requirements have not been finalized.

Please review Frequently Asked Questions for more information about HIPAA and how CareFirst is responding to these new requirements.

Unique Identifiers

As part of the HIPAA Administrative Simplification regulation, there are currently three unique identifiers used for covered entities in HIPAA administrative and financial transactions. The use of these unique identifiers will promote standardization, efficiency and consistency.

The unique identifiers under HIPAA regulations are:

Standard Unique Employer Identifier (EIN)The same as the Employer Identification Number (EIN) used on an organization's federal IRS Form W-2. This identifies an employer entity in HIPAA transactions.

National Provider Identifier (NPI)NPI is a unique 10-digit number used for covered health-care providers in all HIPAA administrative and financial transactions.

Serving Maryland, the District of Columbia and portions of Virginia, CareFirst BlueCross BlueShield is the shared business name of CareFirst of Maryland, Inc. and Group Hospitalization and Medical Services, Inc. In the District of Columbia and Maryland, CareFirst MedPlus is the business name of First Care, Inc. In Virginia, CareFirst MedPlus is the business name of First Care, Inc. of Maryland (Used in VA By: First Care, Inc.). First Care, Inc., CareFirst of Maryland, Inc., Group Hospitalization and Medical Services, Inc., CareFirst BlueChoice, Inc. and The Dental Network are independent licensees of the Blue Cross and Blue Shield Association. The Blue Cross and Blue Shield Names and Symbols are registered trademarks of the Blue Cross and Blue Shield Association.

CareFirst of Maryland, Inc. and The Dental Network underwrite products in Maryland only.